Vulnerabilities > SUN > JRE > 6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-05 | CVE-2008-5355 | Improper Authentication vulnerability in SUN Jdk, JRE and SDK The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | 10.0 |
2008-12-05 | CVE-2008-5354 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | 9.3 |
2008-12-05 | CVE-2008-5353 | Multiple Security vulnerability in SUN Jdk, JRE and SDK The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". | 10.0 |
2008-12-05 | CVE-2008-5352 | Numeric Errors vulnerability in SUN JDK and JRE Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | 9.3 |
2008-12-05 | CVE-2008-5351 | Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | 7.5 |
2008-12-05 | CVE-2008-5350 | Information Exposure vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | 5.0 |
2008-12-05 | CVE-2008-5349 | Multiple Security vulnerability in SUN JDK and JRE Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. network sun | 7.1 |
2008-12-05 | CVE-2008-5348 | Multiple Security vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. network sun | 7.1 |
2008-12-05 | CVE-2008-5347 | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | 7.5 |
2008-12-05 | CVE-2008-5344 | Unspecified vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. | 7.5 |